How to force SSL for your WordPress installation

Today it is quite normal to have your site secured by SSL, even search engines rank you higher if you do so. So I decided to go on with the hype and setup SSL too… After installing the SSL certificate on the webserver I noticed that WordPress needs some more attention to get things running on HTTPS-only.

First thing I wanted to have is the admin environment secured, it happens this is an feature of WordPress.

You can add this setting to wp-config.php to force SSL for the admin panel

PHP

1

define('FORCE_SSL_ADMIN',true);

After reading the code I found that you could also add FORCE_SSL_LOGIN but after looking closely this is always set to true in the code code since it is deprecated from version 4.0.0.

Second thing you must change is the URL where the WordPress installation is housed.

In the admin panel goto Settings -> General and change both URLs to have https:// rather than http://.

After changing this WordPress tries to link to https environments most of the time.

This is already one of the most effective steps to do, but you are not done yet.

Anther thing has to be done to force all urls to rewrite to the SSL environment.

This can be done by changing the .htaccess file. You need to add the two marked lines shown below.